This was a really cool XSS filter bypass due to a parsing differential between PHP's multibyte string functions `mb_strpos` and `mb_substr` when dealing with invalid UTF-8 sequences.
XSS delivered via profile image upload of an SVG containing the XSS. A fairly common situation where SVG support allows XSS because the SVG's scripts are not sanitized, but also one we have basically never talked about on the podcast...
This one comes down to a normalization difference between Cloudflare's CDN and the ChatGPT backend server. The Cloudflare CDN was set up to cache all requests under the `/share/` endpoint, and the determination of whether a path matches would happen before any percent-encoded characters were decoded...
Format string bugs, you'd think we'd be done with them by now, but Shielder here documents one in ASUS routers.
Qualys at it again, this time with a skipped initialization code path leading to a small allocation and a buffer overflow deep in glibc's `syslog`.
Andrea Menin brings us a great find with a deviously simple WAF bypass. The core bug belongs to ModSecurity and the variables it exposes to be used by the various rulesets others have created.
Though perhaps an accidental find by Abhi Sharma, it is a great one nonetheless, with a race condition leading to the bypass of an MFA check.
A fun but simple buffer overflow in Factorio. When loading save files, the game will load a `PropertyTree` from the file...
A secure boot bypass in Chromecast with the Google TV (CCwGTV)'s 1080p revision. This bypass sort of involves two issues, a hardware fault injection and a software logical bug, and this is due to mitigations and efforts Google has made since the exploit chain that was released against the 4K model previously.
A somewhat odd vulnerability in Adobe ColdFusion, where it would take an attacker-controllable `classname` parameter and use it to compile ColdFusion code on the fly to render in the response. If the `classname` didn't match a valid ColdFusion class, it would treat it as a path to a ColdFusion template...